18.18 Filr Site Security

18.18.1 Configuring a Proxy Server

Your Micro Focus Filr system should be located behind your firewall. If Filr users want to access the Filr site from outside your firewall, you should set up a proxy server outside your firewall to provide access. You can use NetIQ Access Manager to protect your Filr site, as described in Access Manager (NAM) and Filr Integration in the Filr 3.4: Installation, Deployment, and Upgrade Guide.

18.18.2 Setting the Filr Administrator Password

The Filr site is initially installed to allow administrator access by using the user name admin and the password admin. You are prompted to change the Filr administrator password the first time you log in to the Port 9443 Appliance Console. Thereafter, you can change the password as described in Modifying Port 8443 Administrators.

18.18.3 XSS—Filr Is Secure

Cross-site scripting (XSS) is a client-side computer attack that is aimed at web applications. Because XSS attacks can pose a major security threat, Micro Focus Filr contains a built-in security filter that protects against XSS vulnerabilities. This security filter is enabled by default.

The following sections describe the types of content that the security filter blocks from the Filr site, where exactly it blocks it from entering, and how you can disable the security filter or enable specific users to bypass the security filter.

Understanding What Content Is Not Permitted

By default, the XSS security filter in Filr is very strict, and does not allow users to add certain types of content. For example, the following content is not permitted:

  • HTML that contains JavaScript

  • Forms

  • Frames

  • Objects

  • Applets

Understanding Where the Content Is Not Permitted

The type of content discussed in Understanding What Content Is Not Permitted is filtered by Filr in the following areas:

  • Text and HTML fields in entries and folders

  • Uploaded HTML files

Listing All XSS Threats in Your System

Filr enables you to run an XSS report that lists XSS threats that are contained in your Filr system. For more information, see XSS (Cross-Site Scripting) Report in the Filr 3.4.1: Administrative UI Reference.